As we marvel once again that the holidays are already upon us, it’s also an opportunity to reflect on 2018, and set a new security strategy that takes into account what we may be up against for the coming year. I sat down recently with our trusted experts and threat intelligence pros, who’ve been right about predicting many trends in cybersecurity in recent years.
Whether it’s more nation-state sponsored cyberattacks, a new breed of security data scientists, new forms of social contracts that uphold digital trust, or significant growth in application security and vulnerability remediation, here are a few of our predictions for 2019…
Nation-State Sponsored Cyberattacks Will Continue to Increase
“Nation-state sponsored cyberattacks have been increasing every year, and this trend is expected to continue indefinitely into the future (at least until a coordinated government response is enacted). One of the reasons is that none of the presidential administrations have taken a stance on the issue. It’s basically free hunting season, with no repercussions at the moment, so from an adversary’s point of view: ‘why not?’” – Bryan Becker, application security researcher, WhiteHat Security
A New Breed of Security Data Scientists Will Emerge
“As AI and ML become mainstream, a new breed of security data scientists will emerge in 2019. AI and ML techniques are data dependent. Preparing, processing, and interpreting data requires data scientists to be polymaths. They need to know computer science, data science, and above all, need to have domain expertise to be able to tell bad data from good data, and bad results from good results. What we have already begun seeing is the need for security experts who understand data science and computer science to be able to first make sense of the security data available to us today. Once this data is prepared, processed and interpreted, it can then be used by AI and ML techniques to automate security in real time.” – Setu Kulkarni, vice president of corporate strategy, WhiteHat Security
Organizations Will Shift Away from Single Sign-on (SSO)
“The recent breaches this year have shown the industry just how dangerous single sign-on (SSO) can actually be. Nobody knows how many websites were affected by the Facebook breach, but potentially any linked SSO account that was involved in the breach is potentially at risk. SSO necessarily means your application’s security is tied to the security of the site providing the authentication, and the more sites they support, the bigger the target they become. SSO then becomes a trade-off of security for convenience that I expect more and more organizations to begin to question the value of.” – Bryan Becker, application security researcher, WhiteHat Security
Social Contracts Will Adapt to Ensure Trust Between Humans, Systems and Data
“Social contracts as we know them will change as trust and privacy between digital and physical entities will become keys to societal success. Trust and privacy are the cornerstones of security. Security does not necessarily imply obscurity and withholding – a society just won’t work in such a world. For society to work, physical entities need to trust each other and ensure privacy. You can’t go to a doctor and not tell the doctor about what is bothering you because you fear the doctor will not respect your privacy. You trust the doctor. Now phase shift to today, where a doctor is using a digital assistant to capture notes, and you are using web and mobile interfaces to interact with the doctor. Now there are digital representations of physical entities in play (digital assistants, web and mobile apps) that need to afford the same (if not higher) levels of trust and privacy to you and the doctor. Systems will need to change soon to accommodate this status change of digital entities. Digital entities will become at-par with physical entities, and as such, the social contracts as we know them will need to change to ensure the trust and privacy boundaries across humans, systems and data are upheld.” – Setu Kulkarni, vice president of corporate strategy, WhiteHat Security
Security for Industrial Control Systems (ICS) Will Be Critical
“Industrial control systems are the Wild West of cybersecurity at the moment. These systems control factories, buildings, utilities, etc. Most systems have little-to-no protection, and best practices are still being adopted very slowly. They also represent extremely high-value targets, especially from a strategic point of view. A few new companies have entered the landscape, but it is still an extremely young industry.”
Static Application Security Testing, Software Composition Analysis Will Become a Must
“In application security, while dynamic application security testing (DAST) will be the largest revenue generator for application security in the 2019 channel, we anticipate significant growth in static application security testing (SAST) and software composition analysis (SCA) as the industry moves toward identifying and remediating vulnerabilities before they reach the production environment.” – John Atkinson, vice president of strategic alliances, WhiteHat Security
As we look forward to a new year, it will be interesting to see how new threats evolve and how the government, private industry and customers both advance and respond. I’m betting our trusted experts will prove to be right on the money.